Microsoft Exchange ProxyShell vulnerabilities used in the new ProxyShellMiner campaign

    A new malware strain, dubbed "ProxyShellMiner", exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners that mine for the attackers' profit.

    ProxyShell is the common name for three Microsoft Exchange vulnerabilities discovered and patched in 2021. Chained together they give unauthenticated remote code execution, which hands the attacker full control of the compromised Exchange server and a foothold from which to reach other servers in the organization.

    In the attacks observed by Morphisec, the attackers use the three ProxyShell bugs, CVE-2021-34473 (pre-authentication path confusion that bypasses access control), CVE-2021-34523 (elevation of privilege in the Exchange PowerShell backend) and CVE-2021-31207 (post-authentication arbitrary file write), to gain initial access to the organization's network.

    The attackers then drop the .NET malware payload into the NETLOGON share of a domain controller. Because NETLOGON is replicated to every domain controller and readable by every domain member, this makes the loader reachable from any device on the network. The loader only activates when given a specific command-line parameter, and that same parameter doubles as the password for the XMRig miner component.

    A second loader then creates a scheduled task on the infected system that relaunches the malware at every user logon. The malware next uses process hollowing to inject the miner into a copy of the user's installed web browser, picks a mining pool at random from a hard-coded list, and starts mining on the compromised machine.

    The final step of the attack chain is to create a Windows Firewall rule that blocks all outgoing traffic from the system. The aim is to cut off telemetry and alerts, reducing the chance that indicators of compromise are detected or that any warning of a potential compromise reaches the defenders.
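    The following PowerShell hunt script is an added example, not part of this article or of Morphisec's report. It checks a domain-joined Windows host for the artefacts the chain above leaves behind: a blanket outbound block rule in Windows Firewall, a logon-triggered scheduled task whose action runs from NETLOGON, SYSVOL or a user-writable path, recently dropped binaries in the NETLOGON share, and browser processes spawned by an unexpected parent (hollowing keeps the legitimate image path, so the parent is what stands out). The cmdlets are standard Windows ones; the function names, path patterns, browser list and parent heuristics are assumptions chosen for illustration, not published indicators of compromise.

```powershell
# Added hunt script for ProxyShellMiner-style persistence and evasion artefacts.
# Run as an administrator on a domain-joined host (the NETLOGON check needs the
# domain share to be reachable). Heuristics below are assumptions, not vendor IoCs.
#Requires -RunAsAdministrator

# 1. Enabled outbound Block rules with no program, protocol, port or address scope.
#    Legitimate rules almost always scope at least one of these; a blanket outbound
#    block (often on every profile) is the rule the campaign adds last.
function Find-BlanketOutboundBlockRules {
    Get-NetFirewallRule -Direction Outbound -Action Block -Enabled True |
        ForEach-Object {
            $rule = $_
            $app  = $rule | Get-NetFirewallApplicationFilter
            $port = $rule | Get-NetFirewallPortFilter
            $addr = $rule | Get-NetFirewallAddressFilter
            $unscoped = ($app.Program -eq 'Any') -and ($port.Protocol -eq 'Any') -and
                        ($port.RemotePort -eq 'Any') -and ($addr.RemoteAddress -eq 'Any')
            if ($unscoped) {
                [pscustomobject]@{
                    Name        = $rule.Name
                    DisplayName = $rule.DisplayName
                    Profile     = $rule.Profile      # 'Any' means all three profiles
                    Group       = $rule.Group
                }
            }
        }
}

# 2. Scheduled tasks with a logon trigger whose action runs from a domain share
#    (\\host\NETLOGON or \\host\SYSVOL) or from a user-writable location.
function Find-SuspiciousLogonTasks {
    $pattern = '(?i)\\\\[^\\]+\\(NETLOGON|SYSVOL)\\|\\Users\\|\\ProgramData\\|\\Temp\\'
    Get-ScheduledTask |
        Where-Object { $_.Triggers | Where-Object { $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' } } |
        ForEach-Object {
            $task = $_
            foreach ($action in $task.Actions) {
                $cmd = "$($action.Execute) $($action.Arguments)"
                if ($cmd -match $pattern) {
                    [pscustomobject]@{
                        TaskName = $task.TaskName
                        TaskPath = $task.TaskPath
                        Author   = $task.Author
                        Command  = $cmd.Trim()
                    }
                }
            }
        }
}

# 3. Executable content written to the domain's NETLOGON share in the last N days.
#    The share is read by every member, so anything new here deserves a look.
function Find-RecentNetlogonBinaries {
    param([int]$Days = 30)
    $share = "\\$env:USERDNSDOMAIN\NETLOGON"
    Get-ChildItem -Path $share -Recurse -File -Include *.exe,*.dll,*.ps1,*.bat,*.cmd,*.vbs -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-$Days) } |
        Select-Object FullName, LastWriteTime, Length
}

# 4. Browser processes whose parent is neither a browser nor the shell. A hollowed
#    browser still reports its genuine image path, so parentage is the better signal.
function Find-OddParentBrowserProcesses {
    $browsers = 'chrome.exe','msedge.exe','firefox.exe','iexplore.exe','opera.exe','brave.exe'
    $expectedParents = $browsers + 'explorer.exe','userinit.exe'
    $all = Get-CimInstance Win32_Process
    $byPid = @{}
    foreach ($p in $all) { $byPid[$p.ProcessId] = $p }
    foreach ($p in $all) {
        if ($p.Name -in $browsers) {
            $parent = $byPid[$p.ParentProcessId]
            $parentName = if ($parent) { $parent.Name } else { '<exited>' }
            if ($parentName -notin $expectedParents) {
                [pscustomobject]@{
                    ProcessId   = $p.ProcessId
                    Name        = $p.Name
                    Parent      = $parentName
                    ParentId    = $p.ParentProcessId
                    CommandLine = $p.CommandLine
                }
            }
        }
    }
}

Find-BlanketOutboundBlockRules  | Format-Table -AutoSize
Find-SuspiciousLogonTasks       | Format-Table -AutoSize
Find-RecentNetlogonBinaries     | Format-Table -AutoSize
Find-OddParentBrowserProcesses  | Format-Table -AutoSize
```

    Each check is deliberately narrow so the output is short enough to read by hand. The parent-process check is the noisiest of the four: a browser launched from a script or a terminal will also appear, so treat a hit there as a prompt to inspect the process (command line, loaded modules, CPU time, network connections) rather than as a verdict. A blanket outbound block rule that nobody in the team remembers creating, by contrast, warrants immediate isolation and a full triage of the host.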

    Morphisec warns that the impact of such malware goes well beyond denial of service through resource exhaustion, degraded server performance and overheating hardware. Once attackers have a foothold in the network they can do anything from deploying a backdoor to executing arbitrary code.

    To mitigate the risk of a ProxyShellMiner infection, Morphisec recommends that administrators apply all available Exchange security updates and use a comprehensive threat detection and prevention solution on their endpoints.

    Author DeepWeb